We are big fans of WordPress here at AttorneySync. We recommend WordPress for our law firm clients and use it on our own sites (including this one). Most websites and blogs we work with require the use of a contact form, and we typically use the free plugin Contact Form 7.
WordPress is one of the most widely used blogging/website platforms, and Contact Form 7 is one of the most popular plugins for contact forms on WordPress. This presents a situation that is ripe to be exploited by our spammer friends. There are many bots and programs created to seek out and spam Contact Form 7 on WordPress sites with nonsensical gibberish or offers of a great deal on Viagra. In our experience, the automated submissions can be so aggressive that on some days we were receiving 40-60 "fake" requests. After a bit of research, I was able to implement a few fixes to dramatically cut down on the spam we received. Since taking these measures, I have yet to receive any more automated spam through the form (fingers crossed).
Here is an outline of the steps I took:
1. Really Simple Captcha - The first step was to install Really Simple Captcha on the form. A captcha is a series of numbers or letters you sometimes see at the end of a form that helps to verify that you are human. Really Simple Captcha was created to work with Contact Form 7. It is not foolproof, but it helps cut down on some spam.
2. Filter Spam With Akismet - The Akismet plugin comes pre-installed with WordPress now. First you will need to make sure that Akismet is activated using your WordPress.com API key. Once activated, Akismet helps to filter spam comments, but it can also be used with Contact Form 7 to verify and filter contact form submissions. You can find directions on the Contact Form 7 blog to set up filtering using Akismet. Here is a quick excerpt of the Akismet options you can add to your form:
akismet:author
Add this option to the field that accepts the name of the sender.
Example: [text* your-name akismet:author]
akismet:author_email
Add this option to the field that accepts the email address of the sender.
Example: [email* your-email akismet:author_email]
akismet:author_url
Add this option to the field that accepts the URL of the sender.
Example: [text your-url akismet:author_url]
3. Install Bad Behavior Plugin - The Bad Behavior plugin prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. You can read more about the plugin and how it works here.
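To check that a form actually carries the measures from steps 1 and 2, here is a small audit script. It is an added example, not code from Contact Form 7 or from this post; the captchac/captchar tag names are the ones Really Simple Captcha uses with Contact Form 7 (they are not quoted above), and the sample templates are constructed.

```python
import re

# A Contact Form 7 form-tag: [type name option ...]; a trailing * marks a required field.
TAG_RE = re.compile(r"\[([a-z_]+\*?)\s+([^\]\s]+)([^\]]*)\]")
# The three Akismet options listed in the article.
KNOWN = ("akismet:author", "akismet:author_email", "akismet:author_url")


def parse_tags(template):
    """Return (type, name, options) for every form-tag in the template."""
    return [(kind.rstrip("*"), name, rest.split())
            for kind, name, rest in TAG_RE.findall(template)]


def audit_form(template):
    """List the anti-spam measures from steps 1 and 2 that the form lacks."""
    tags = parse_tags(template)
    used = {opt for _, _, opts in tags for opt in opts}
    # Assumption: name and email fields are expected on every form, a URL field is optional.
    findings = ["missing " + opt for opt in KNOWN[:2] if opt not in used]
    # Catch misspelled options such as akismet:email, which match none of the three above.
    findings += ["unknown option " + opt for opt in sorted(used)
                 if opt.startswith("akismet:") and opt not in KNOWN]
    # The captcha image tag and the answer field must share the same name.
    images = {name for kind, name, _ in tags if kind == "captchac"}
    answers = {name for kind, name, _ in tags if kind == "captchar"}
    if not images or images != answers:
        findings.append("captcha image/answer tags missing or unpaired")
    return findings


# Constructed sample templates (not taken from any real site).
BARE_FORM = """[text* your-name]
[email* your-email]
[textarea your-message]
[submit "Send"]"""

HARDENED_FORM = """[text* your-name akismet:author]
[email* your-email akismet:author_email]
[text your-url akismet:author_url]
[textarea your-message]
[captchac captcha-1] [captchar captcha-1]
[submit "Send"]"""

if __name__ == "__main__":
    for label, form in (("bare", BARE_FORM), ("hardened", HARDENED_FORM)):
        print(label, audit_form(form) or "ok")
```

Paste a form's template (from the Contact Form 7 form editor) into a string and pass it to audit_form to see which measures are absent.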
Thanks for this. Just made my site live and got tons of spam through my contact form overnight. Very annoying!